API Gateway Tenant Policy

[simonireilly]

Update the authenticated user policy to have the following:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": ["s3:ListBucket"],
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::mybucket"],
      "Condition": {"StringLike": {"s3:prefix": ["${aws:username}/*"]}}
    },
    {
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::mybucket/${aws:username}/*"]
    }
  ]
}

Where, {aws:username} is substituted with any of the available tags.

• Available tags https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies-aws-condition-keys.html
• IAM policy examples https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html

[simonireilly]

There is a working example on the site now :+1: